CryptoAPI and 5 bytes exponent public keys

Hi all,

One customer of mine wanted to import a public key he got from a partner. That public key had a 2048 bits modulus and a 5 bytes exponent.

The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines the public exponent with a DWORD (4 bytes max):

typedef struct _RSAPUBKEY {
DWORD               magic ;
DWORD               bitlen ;
DWORD               pubexp ;


CryptoAPI only supports 4 byte exponents with MS CSPs (Cryptographic Service Providers). CNG overcomes this limitation on Vista and later:

Key Storage and Retrieval
CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.

Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a third-party CSP.



Alex (Alejandro Campos Magencio)

Comments (0)

Skip to main content